Communication method in a set of distributed systems via an internet type network

ABSTRACT

The invention relates to a communication process via an internet network that comprises distributed systems (S₁). Each system (S₁) is connected to the network (SR_(X)) via a standard interface module (10), standard software layers (12, 13) comprising a stack of addresses and protocols, and hosts software entities (SV_(A), SV_(B)). The latter and the systems (S₁) are provided with a network address in a virtual subnetwork to which the system itself (S₁) and said software entities (SV_(A), SV_(B)) are connected via a specific interface module (11, 20, 30) and specific software layers (21-22, 31-32) comprising a stack of addresses and protocols. The addresses and names of the systems (S₁) and of the software entities (SV_(A), SV_(B)) connected to the virtual networks (SVN_(y)) are stored in a domain name directory (DNS₁), making it possible to directly address one of the software entities (SV_(A), SV_(B)).

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a communication process in a set of distributed systems through an internet type network.

More particularly, the invention relates to the naming, the addressing, and the routing of information between the distributed systems, via one or more networks or subnetworks using internet technology.

Within the scope of the present invention, the term “internet” should be understood in its most general sense. It specifically includes, in addition to the global network of computers known as the “Internet” per se, private corporate networks or the like, known as “intranets,” and the networks that extend them to the outside, known as “extranets.”

It is also useful, for purposes of clarity, to review several definitions used in the description of the present invention.

Hereinafter, a unit, a data processing machine, or more generally, a platform, using an operating system (“OS”) will be called a “system.” These systems are connected to one another by one or more networks or subnetworks, at least some of which use internet technology, in the sense mentioned above. Hereinafter, the terms “networks” and “subnetworks” will be used interchangeably.

These systems host “servers.” A server is generally defined as being software or a software entity that provides a given service (for example, file transfer software).

In internet technology, so-called “IP” addresses are used. An address of this type is structured and comprises a subnetwork address, called a prefix, and an address of an entity in this subnetwork.

Referring again to a server, it is addressable according to the prior art by means of an IP address as just defined and a port number, which will be designated P_(i), with i being an arbitrary subscript. This port number typically comprises two bytes and makes it possible to reach the server i in the system.

In summary, if a system with the arbitrary subscript 0 is referenced S₀, and is associated with an IP address notated “X, X₀”, this means that this system S₀ is connected to the subnetwork with the prefix X, with X₀ as its address in this subnetwork. A system can naturally be connected to several subnetworks. In this case, it has as many IP addresses as there are subnetworks.

Although the invention applies to all sorts of existing applications or services, it applies more particularly to distributed systems using “object” technology and to communications of the “client-server” type. To explain the concept, without in any way limiting its scope, the following will keep to this preferred context of the invention, unless stated otherwise. In other words, this particular technique applies to the exchanges of messages between client objects and server objects, which objects can be distributed throughout the entire system.

2. Description of Related Art

As is well known, systems connected to one or more networks or subnetworks are grouped into domains.

In the past, the networks and the systems were dissociated, and each domain used its own mechanisms for naming and addressing entities as well as for routing information in the networks and systems.

Moreover, the mechanisms were not unified within the same network or system domain. A first simplification or streamlining occurred, with respect to networks, with the emergence of internet.

As for the systems themselves, the degree of streamlining is generally very low. However, there have been a few attempts at streamlining. For example, with respect to address directories, it is possible to use the access method known by the acronym “LDAP” (“Lightweight Directory Access Protocol”) and the architecture that conforms to the “X500” standard. In addition, services such as “DNS” (“Domain Name Server”) are beginning to be integrated into operating systems (“OS”) or into “middleware.” However, there is still a big difference between the “network” approach and the “system” approach.

In summary, it is clear that in the prior art, the systems, subsystems, services and software applications normally use specific solutions for the naming, addressing and routing of information. This situation is not without its drawbacks, and several of these will be discussed.

First of all, the multiplicity of solutions makes the process for configuring the components listed above very complex.

The configurations are normally static. However, as noted, there is a trend toward using directories of the “X500” type for the system objects: the users, the resources, the services and the applications. Nevertheless, the network objects, which are managed by the internet domain name servers (“DNS”), are still excluded and are not integrated with the system objects.

It follows that when a client interacts with a server, specific addressing and name resolution services are used. For example, naming services like those known by the name “CORBA” (defined by the “Object Management Group” consortium) may be cited. These services use very different mechanisms. Other services are known, for example the naming service of the “DCE” (“OSF” in a distributed environment), or of “TUXEDO” (distributed transaction service known in the “UNIX” environment, “TUXEDO” and “UNIX” being registered trademarks).

In general, clients that address a remote entity managed by a system, service or application invoke a name service. This requires the name of the network and the network address of the system that contains the entity to be reached.

The drawbacks inherent in these solutions are the following: a multiplicity of naming services, directories, and tables of correspondences between network and system addresses, the complexity of the configuration processes, and above all, the need for the client (or user) to know which system (i.e., which machine) contains the object addressed, or more generally, the entity addressed.

The processes according to the prior art therefore have numerous drawbacks. Furthermore, it may be added that they do not meet the current needs, or at least meet them inadequately. The most important needs are listed below.

First of all, as has been noted, the configuration is most often static. The current need is to move toward “zero administration,” based on an automatic and dynamic configuration.

A second need relates to portability. An object, or more generally an entity, belonging to a “DNS” domain must be able to migrate, i.e., to leave its domain, while remaining addressable as though it had stayed in its domain.

A third need, which goes hand-in-hand with the second, is that the servers must be independent from the host platforms. This setup allows unlimited migration.

A fourth need relates to security, in the broadest sense of this concept: authentication, access control, integrity and confidentiality of the exchanges. Generally, this is called the “AIC” concept, for “Availability—Integrity—Confidentiality.” These requirements must be met from end to end between, for example, the client object and the server object, i.e., a software entity, and not just during the passage through the network or networks, i.e., between physical machines.

A fifth need relates to the compatibility, or coexistence, between the various internet protocols, especially between the widely used “IPV4” version and the more recent “IPV6” version, this version being a subset of the “IPNG” (“Internet Protocol New Generation”) standard currently being implemented.

However, it must be noted that an address conforming to the IPV4 protocol has only four bytes, or 2³² theoretical addresses, actually far fewer because of the structural hierarchy (particularly the presence of a prefix). Projections into the future have shown that, given the predictable growth of the Internet, a real shortage of addresses should occur during the period from 2005 to 2011. Also, since 1995, recommendations for the adoption of a new protocol, IPV6, have been published (“Internet Engineering Task Force” and “IPng” work groups). An address conforming to this IPV6 protocol comprises sixteen bytes, which allows for a much larger address space, even if not all of the addresses are actually usable, as in the case of the IPV4 protocol. In effect, this has been calculated to represent 6.65×10²³ network addresses per square meter of the surface of the planet. A more detailed description of this protocol may be found in the book by A. Thomas, “IPng and the TCP/IP protocols,” published by Wiley Computer Publishing, 1996.

SUMMARY OF THE INVENTION

The process according to the invention further multiplies the need for numbers of distinct addresses, as will be shown. For all of these reasons, it is preferable to use the IPV6 protocol within the scope of the invention.

Consequently, the object of the invention is to eliminate the drawbacks of the prior art, while meeting the current needs, some of which have been mentioned, without significantly increasing costs, while possibly even obtaining a reduction of these costs.

To this end, the systems, accepting what has been given, are considered to be virtual networks, which hereinafter will be called “system virtual networks” or “SVN”. In other words, the software entities, for example software objects in a preferred embodiment, become directly addressable in a system. This system constitutes a node of the virtual network “SVN” and also a node of the “real” network, i.e., the Internet, intranet or extranet. The system acts as a gateway that interconnects the nodes of the virtual network “SVN” to the aforementioned “real” network.

In a preferred variant of the invention, the process also provides a dynamic, i.e., automatic, configuration capability. To do this, it uses the above-mentioned IPV6 protocol. The latter characteristic also offers the capability to meet certain additional requirements, such as portability and/or security.

The physical and logical objects, or more generally the physical and logical entities, whether they are of the system or the network type, i.e., the clients, servers, systems, gateways, routers, etc., are at the same address level. Common mechanisms are used for the naming, the addressing, and the name resolution and routing services. When a client establishes a connection with a software server that, in a preferred variant of embodiment, is an object container, there is no longer a need to also provide the name of the system (i.e., the machine and its services) that contains this server.

Hence, the subject of the invention is a process for communication in a set of distributed systems via at least one internet type network, said set being divided into at least one domain comprising systems addressable via said network by means of a first series of internet type addresses stored in a domain name directory and each system being connected to said network via a standard interface module, standard software layers comprising a stack of addresses of the first series and internet type communication protocols, and hosting at least one software entity, characterized in that said software entities and said systems are each associated with an internet type address of a second series, in that each system is configured into a so-called system virtual network, to which the system itself and said software entities are connected via specific interface modules and specific software layers comprising a stack of addresses of the second series and internet type communication protocols, and in that said addresses and names of the systems and the software entities connected to said system virtual networks are stored in said domain directory, making it possible to directly address any of said software entities hosted in any of said systems.

Hence, it is clear that the process according to the invention provides many advantages, including the capability for a client (or more generally for a user) to directly address a server (or more generally a software entity), and not the system that contains it.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be more clearly understood and other characteristics and advantages will emerge from the reading of the following description in reference to the attached figures, in which:

FIGS. 1a through 1c illustrate an architecture of a distributed system in an internet type network according to the prior art;

FIG. 2 schematically illustrates the process according to the invention;

FIGS. 3 and 4 illustrate the architecture of a system according to the process of the invention;

FIG. 5 schematically illustrates a communication process in a two-protocol system; and

FIG. 6 illustrates the adaptation of the process according to the invention to a clustered system architecture.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

Before describing the process according to the invention, it is first necessary to review the configuration of a system 1 according to the prior art and its chief characteristics, in reference to FIGS. 1a through 1c.

First of all, let us consider an isolated system, referenced S₀, connected to an internet type subnetwork SR_(X), with the prefix X, as illustrated more particularly by FIG. 1a. Let us also assume that it hosts two servers SV₀₁ and SV₀₂, i.e. two software objects, or more generally two software entities. The system S₀ has an IP address in the subnetwork SR_(X) given by the relation @IP:X, X₀.

Each server, SV₀₁ or SV₀₂, is identified by an IP address and a port number, P₀₁ or P₀₂, which are:

for the server SV₀₁: X, X₀, P₀₁;

for the server SV₀₂: X, X₀, P₀₂.

The system S₀ is connected to the subnetwork SR_(X) via an interface I₀, which will be described in detail below, and which comprises various logical layers: stacks of IP addresses, communication protocols. Only this interface knows the port numbers P₀₁ and P₀₂. Therefore, it is easy to see that according to the prior art, when wishing to address one of the servers SV₀₁ or SV₀₂ from outside the system S₀, it is absolutely necessary to know the IP address of this system, i.e., the address @IP:X, X₀.

FIG. 1b illustrates, more generally, a set 1 of systems connected via a subnetwork SR_(X), again in a configuration according to the prior art.

In FIG. 1b, it is assumed that the set 1 constitutes one and only one domain D₁. It is also assumed that the system 1 comprises q clients, referenced Cl₁ through Cl_(q), and n machines, i.e., systems, referenced S₁ through S_(n). Each system comprises a given number of servers, for example m servers in the system S₁ referenced SV₁₁ through SV_(1m), and p servers in the system S_(n), referenced SV_(n1) through SV_(np). Each system is provided with one or more so-called IP addresses.

The exchanges of information, i.e., of messages, take place using the “TCP-IP” protocol between the clients Cl₁ through Cl_(q), and the systems S₁ through S_(n), via the internet type subnetwork SR_(X). The domain D₁ also comprises a domain name server DNS₁ that stores a directory of IP addresses. Finally, each system S₁ through S_(n) comprises an interface, I₁ through I_(n), with the subnetwork SR_(X), which stores a stack of IP addresses associated with each system and a routing table that makes it possible to transfer a received message to another system via the subnetwork SR_(X).

Within a system, for example the system S₁, a particular server, for example the server SV₁₁, is identified by a port number, as noted in connection with FIG. 1a.

When a client, for example Cl₁, wants to address a particular server, for example the aforementioned server SV₁₁, it is necessary for it to know the name of the system that is hosting it, in this case the system S₁. The directory present in the server DNS₁ establishes a correlation between the name and the IP address of the system S₁ containing the server SV₁₁. The client Cl₁ then addresses the system S₁ using the IP address it receives from the domain name server DNS₁.

As shown in FIG. 1c, the addressing schema is very similar to the one just described when the set of systems, referenced 1′, comprises several domains, for example two domains D₁ and D₂. Each domain D₁ and D₂ comprises its own specific domain address server DNS₁ and DNS₂, and a network or subnetwork SR_(X1) and SR_(X2), respectively. The interconnections between subnetworks take place via an interdomain network or subnetwork SR_(id), and a server, also interdomain, DNS_(id), is provided. If the client Cl₁ in the domain D₁ no longer wishes to address a server (not represented) comprised in the system S₁₁ of the domain D₁, but a server (not represented) comprised in the system S₂₁ of the domain D₂, it will be provided with the address of the destination domain D₂ by the server DNS_(id); then, in the domain D₂, it will be provided with the address of the destination system S₂₁ by the server DNS₂. Here again, it is necessary to know the name of the system hosting the server addressed, in this case the name of the system S₂₁.

Before describing the process of the invention, it is also necessary to briefly review the mechanisms used in the domain servers, for example DNS₁ or DNS₂, and those used for routing.

The main function of a domain name server, or “DNS,” is to establish a correspondence between symbolic names assigned to systems (and more generally to entities, as explained above, within the scope of the process according to the invention), and IP addresses. A domain name server operates hierarchically. It is constituted by domains, for example D₁ or D₂ (FIG. 1c), that allow the names to be divided into functional categories, for example associated with a business, with a country, etc. This last characteristic, at the “top” of the aforementioned hierarchy (first level domains), is represented by a suffix such as “com,” “edu,” “gov,” “int,” “mil,” “net,” “org,” “fr,” etc., separated from the rest of the name by a period. The rest of the domain name can in turn be divided into partial domain names separated by periods (lower levels). For example, a given business service could be represented by a symbolic name such as “service1.xxx.com”, in which “xxx” would represent the name of a company and “service1” would represent a particular service. A search for this name makes it possible to focus on the domain name servers “DNS” assigned to “.com”. If a name of the aforementioned type is being searched for, it is the domain name server “DNS” assigned to “.xxx”, whose superior server is “.com”, that will process the request. This corresponds to the schema implicitly described in connection with FIG. 1c.

More precisely, for example, in the domain name server DNS₁ of the domain D₁ that contains the system S₁₁, there is an entry of the type “sys11→X₁, X₁₁”, X₁ being the prefix of the subnetwork SR_(X1), and X₁₁ the address of the system S₁₁ in the subnetwork SR_(X1).

Within a system, an initial configuration operation makes it possible to allocate it an address using a specific command. For example, in a “UNIX” (registered trademark) environment, the command “IFCONFIG” makes it possible to configure the network interfaces, for example I₁ through I_(n) (FIG. 1b), of a stack of internet protocols. This configuration operation creates an entry in a table known by the acronym “IFNET”. This table contains a description of the interface, the IP address, status information and pointers to the “drivers” associated with the interface. After this operation, the system S₁₁ (in the example) has the address X, X₁₁ as its IP address.

Referring again to FIG. 1a, the routing allows access to a subnetwork other than the subnetwork SR_(X), for example a network SR_(Z) (not represented), Z being the prefix of this network. This access takes place through the system S₀, which constitutes an X-Z gateway. The system S₁₁ is a terminal and the IP routing level can be deactivated.

Within an internet network, the routers use databases that make it possible to switch the packets of informational data. There are many known routing protocols such as “RIP” (“Routing Information Protocol”) or “OSPF” (“Open Shortest Path First”). These protocols allow the routers to exchange routing information. For example, if the “RIP” protocol is used, a given system communicates the addresses of its prefixes (i.e., the addresses of the subnetworks to which it is connected) to all of its neighbors. Thus, step by step, the routes that allow the packets to be routed are established.

It is then necessary to declare “drivers,” and more precisely, two types of drivers: a network interface driver, called “nid”, and a driver that corresponds to the electronic circuit board for interfacing with the network, called “ndd” (for “network device driver”).

The process according to the invention will now be described.

FIG. 2 very schematically illustrates the process for addressing servers according to the invention. It is assumed in FIG. 2, for purposes of streamlining, that the set of systems, here referenced 2, is comprised within only one domain D₁, associated with one domain name server DNS₁ and only one client Cl₁.

According to a first important characteristic of the invention, each “real” system (S₁ through S_(n) of FIG. 1b) is comparable to a virtual network SVN₁ through SVN_(n), represented by dotted lines in FIG. 2. These networks will hereinafter be called “system virtual networks.”

According to a second important characteristic of the invention, the servers, for example SV₁₁ through SV₁₃, are each associated with an individual IP address. It follows that each server, for example the server SV₁₁, i.e., an object or a software entity, is directly addressable by a client, for example a client Cl₁, and more generally a client Cl_(x) if the system 2 comprises several clients (x being arbitrary). In other words, a client no longer needs to know the name of the system hosting the server sought. The directory of the server DNS₁ stores all of the IP addresses of the servers, for example the servers SV₁₁ through SV₁₃ of the system virtual network SVN₁.

It must be noted that, in a multidomain system, all the servers of a system virtual network belong to the same domain.

According to a third important characteristic of the invention, the “real” systems or machines (S₁ through S_(n) of FIG. 1b) which, in a configuration according to the prior art, constitute endpoint systems, become intermediate systems. They constitute nodes of the virtual networks SVN₁ through SVN_(n), and also nodes of the “real” network, i.e. the internet or intranet subnetwork SR_(X). The systems act as gateways that interconnect the nodes of the virtual networks SVN₁ through SVN_(n) with the subnetwork SR_(X). Each system is also provided with an IP address.

Hence, a system virtual network SVN₁ associated with a system S₁ may be represented as illustrated by FIG. 3. It is noted that the system S₁ actually constitutes a node for the network R_(X) and that, seen from this network (i.e., from the outside), it is associated with a first address IP₁, with @IP₁:X, X₁, X being the prefix assigned to the subnetwork SR_(X) and X₁ the address of S₁ in the subnetwork SR_(X).

It is assumed that the system virtual network SVN_(y) is constituted by the two servers referenced SV_(A) and SV_(B) that it hosts and by the system S₁ itself. Seen from the system virtual network SVN₁, the system S₁ is associated with a second address IP₂, with @IP₂:Y, Y₁, Y being the prefix assigned to the system virtual network SVN_(Y) and Y₁ the address of S₁ in the network SVN_(Y).

Likewise, the servers SV_(A) and SV_(B) are associated with two addresses IP_(A) and IP_(B), respectively, with @IP_(A):Y, Y_(A), and @IP_(B):Y, Y_(B), Y_(A) and Y_(B) being the addresses of SV_(A) and SV_(B), respectively, in the network SVN_(Y).

FIG. 4 illustrates in greater detail the architecture of the system S₁ according to the invention.

The “real” network R_(X) communicates with the system virtual network SVN_(Y) via a standard network interface module 10, known by the acronym “IFNET” (common to the prior art), a stack of system IP addresses 12, also standard, and an interface module 11 specific to the system virtual network, which, for the sake of analogy, will be called “IFSVN”. In essence, the latter plays a role similar to the “IFNET” interface 10. The system also comprises a standard “TCP/UDP” protocol layer 13.

Likewise, even though the servers SV_(A) and SV_(B) are physically located in the system S₁, they are both provided with specific “IFSVN” interface modules, 20 and 30 respectively, stacks of IP addresses, 21 and 31 respectively, and “TCP/UDP” protocol layers, 22 and 32 respectively. The servers SV_(A) and SV_(B) therefore communicate with the system virtual network SVN_(Y) through these two layers and through the specific interface modules.

In other words, the specific interface modules 11, 20 and 30 allow for a standard behavior of the IP level (level 12) of the system S₁ that contains the system virtual network SVN_(Y). They allow the routing of packets of information within the system S₁ to the software servers SV_(A) and SV_(B), which henceforth act like virtual endpoint systems of the system virtual network SVN_(Y).

According to the invention, the allocation of IP addresses, whether they relate to the systems per se or more specifically to the software servers, takes place in a way that is intrinsically similar to the methods of the prior art.

For a given server, for example SV_(A), i.e., related to an object run in a system, for example the system S₁ included in the domain D₁, the directory of the server DNS₁ is updated. This update can be performed manually or automatically, as will be explained below.

More precisely, an object or an entity uses two functions that are intrinsically known: the allocation of a global address and the release of an address.

As indicated, the allocation of an address takes place in a way similar to the prior art, but with one major difference: the system virtual networks are referenced in the domain name server with the entities that are connected to them, including the software servers.

Returning to the example of FIG. 4, the domain name server DNS₁ stores the following entries:

a/ sys1→X,X₁;

b/ sys2→Y,Y₁;

c/ serva→Y,Y_(A);

d/ servb→Y,Y_(B);

the entries a/ and b/ being related to the addresses IP₁ and IP₂, respectively, and the entries c/ and d/ being related to the addresses IP_(A) and IP_(B), respectively. It must be noted that sys1, sys2, serva, and servb are symbolic names.

A server or service is therefore directly addressable. For example, if a company “xxx” has the domain name server DNS₁ and its superior domain name server is the server of “com”, the service “serva” becomes addressable in the Internet by the name “serva.xxx.com”. Any client object, or more generally any user, can query its domain name server to request the IP address corresponding to this name. The domain of the system that sent the request, given the structuring of the name (i.e., a notation that includes periods), transfers the request to its superior domain name server if it cannot handle it itself, and so on until a particular domain server is capable of addressing the request to the domain name server that will handle the correspondence “symbolic name-IP address requested,” for example the server DNS₁.

The address releasing function releases an address previously allocated to an object.

For routing purposes, the system S₁ is no longer an endpoint, but has become a gateway. The IP routing level is necessarily activated.

In order for there to be correct routing between all of the systems of a network, no matter what its nature, it is also necessary to perform name resolution operations. This function is the most important of those assigned to the protocol “ICMP” (for “Internet Control Message Protocol”). It consists in the discovery, for a given system, for example S₁, of the neighbor systems that share the links to which it is connected. This operation takes place the first time a datagram is sent through the network SR_(X) to a neighbor. In effect, at this instant, the system S₁ that wishes to send a datagram to one of its neighbors knows the IP address of the destination, but not its network address (for example an “Ethernet” (registered trademark) address, if it is a network of that type). In practical terms, this means that the system S₁ must construct a table that establishes the correspondences between IP addresses and network addresses. To do this in local area networks, for example in networks of the aforementioned “Ethernet” type, the IPV4 protocol uses a protocol known by the term “ARP” (for “Address Resolution Protocol”) and the IPV6 protocol uses a protocol known by the term “NDP” (for “Neighbor Discovery Protocol”). For example, if the protocol “NDP” is used, the system S₁ can know the network addresses of the other systems that share its links. A given system uses a broadcast address to request from its neighbors, as a function of their IP addresses, their network addresses.

In the case of the system virtual networks according to the invention, for example SVN_(Y), the various users are the system S₁ itself and the servers hosted by this system, SV_(A) and SV_(B). Since they are located in the same place, the neighbor discovery described above is unnecessary. The protocols “ARP” or “NDP” are not invoked.

The initial configuration operation must, in the case of the invention, be subdivided. For example, in the above-mentioned “UNIX” environment, the command “IFCONFIG” is also used. However, it is necessary to configure the interface to the subnetwork SR_(X), the interface to the system virtual network SVN_(Y), and also to configure an address of the alias type for each server connected to this network. In the example described, two addresses must be configured: @IP_(A):Y, Y_(A) and @IP_(B):Y, Y_(B).

As in the case of the prior art, it is necessary to declare “drivers,” and more precisely, two types of drivers: a network interface driver, called “nid,” and a driver that corresponds to the electronic circuit board for interfacing with the network, called “ndd” (for “network device driver”). Likewise, it is necessary to declare an interface driver for the system virtual network, for example SVN_(Y). This last driver is created (software development) in accordance with the rules for writing a standard interface driver “nid”. It must be noted that the equivalent of the driver “ndd” is no longer necessary. In fact, the “TCP/IP” layers necessarily comprise a driver called a “loopback” which, for the system virtual network SVN_(Y), plays the role of the driver “ndd” for the subnetwork SR_(X).

The way in which data packets enter and leave the system S₁ will now be described in greater detail.

If a data packet containing the indications “Y, Y_(A)” in its IP address arrives in the system S₁, the latter consults the local address table. It finds “Y, Y_(A)” in the “IFNET” table 10 (an entry called an “alias”) and considers the packet to have arrived at its destination and delivers it to the waiting application, i.e., the server SV_(A), via the virtual network SVN_(Y).

If a data packet is sent by a server, for example the server SV_(B), to a server SV_(n) located outside the system virtual network SVN_(Y), the system S₁ acts as a “routing server,” or gateway, and switches this packet to the network interface that corresponds to the subnetwork SR_(X).

If, on the other hand, a data packet is sent by a server, for examplethe server SV_(B), to a server located inside the system virtual networkSVN_(Y), for example the server SV_(A), the system S₁ also acts as arouter. It detects that the destination address corresponds to one ofthe local addresses. It executes a standard loop of the type known bythe term “loopback” (mandatory in any stack of TCP/IP protocols, asindicated above) and transmits the packet to the server SV_(A). Hence,the data packet does not leave the system S₁. In particular, it does notpass through the subnetwork SR_(X).
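The three packet cases just described (arrival at an alias address, a server sending outside SVN_(Y), and a server sending to a neighbour inside SVN_(Y)) can be modelled as one lookup in the local address table. The following Python sketch is an added illustration, not code from the patent; the address prefixes, the class and function names, and the "drop" case for transit traffic are assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the patent): IPv6
# documentation prefixes stand in for subnetwork SR_X and virtual network SVN_Y.
SR_X = ipaddress.ip_network("2001:db8:a::/64")
SVN_Y = ipaddress.ip_network("2001:db8:b::/64")


class System:
    """Model of system S1: one address on SR_X plus alias addresses on SVN_Y."""

    def __init__(self, sr_addr, svn_addr):
        # Local address table: every address this system answers for.
        self.local = {
            ipaddress.ip_address(sr_addr): "S1",
            ipaddress.ip_address(svn_addr): "S1",
        }

    def add_alias(self, addr, entity):
        """Register an alias-type address for a hosted software entity."""
        addr = ipaddress.ip_address(addr)
        if addr not in SVN_Y:
            raise ValueError(f"{addr} is outside the virtual network {SVN_Y}")
        if addr in self.local:
            raise ValueError(f"{addr} is already assigned to {self.local[addr]}")
        self.local[addr] = entity

    def handle(self, src, dst):
        """Return (action, entity) for a packet seen by the IP layer of S1."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        owner = self.local.get(dst)
        if owner is not None and src in self.local:
            return ("loopback", owner)        # stays inside S1, never crosses SR_X
        if owner is not None:
            return ("deliver", owner)         # alias hit: packet has arrived
        if src in self.local:
            return ("forward-to-SR_X", None)  # S1 acts as gateway for its entities
        return ("drop", None)                 # assumption: S1 is not a transit router


def build_s1():
    """System S1 hosting servers SV_A and SV_B (constructed sample data)."""
    s1 = System("2001:db8:a::1", "2001:db8:b::1")
    s1.add_alias("2001:db8:b::a", "SV_A")
    s1.add_alias("2001:db8:b::b", "SV_B")
    return s1
```

The "loopback" result is the case in which traffic between two hosted servers is never visible on SR_(X), so any filtering or monitoring placed on that subnetwork does not see it.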

The process according to the invention offers many advantages and possibilities.

First of all, it must be noted that the process according to the invention is fully compatible with the internet protocol most commonly used to date, i.e., the IPV4 protocol, alone or in combination with the new IPV6 protocol.

FIG. 5 illustrates, by way of example, the communication process between two system virtual networks SVN_(Y) and SVN_(Z), comprised in two systems, S₁ and S₂ respectively. It is assumed that the two systems have both IPV4 and IPV6 addresses. It is also assumed that the network SR_(X) that connects the two systems S₁ and S₂ uses the IPV4 protocol. The standard encapsulation mechanisms used by the IPV6 protocol allow the users of the systems S₁ and S₂ to interoperate by using IPV6 packets that are encapsulated into IPV4 packets as they pass through IPV4 networks, as is the case for the network R_(X).

The two protocols can therefore coexist, and the IPV4 protocol can still theoretically be used alone within the scope of the invention. However, it has been indicated that a shortage of addresses is predictable. Moreover, given that according to one of the most important characteristics of the invention, the servers are also provided with an IP address, which contributes to increasing the need for addresses, it seems preferable to use the IPV6 protocol within the scope of the invention.

Secondly, in combination with the new IPV6 internet protocol, the process according to the invention allows for a dynamic configuration, the dynamic resolution of the names being achieved by the protocol known as “NDP” (for “Neighbor Discovery Protocol”). The dynamic allocation of IP addresses is followed by an update of the databases of the directory service, making the owner of the IP address capable of communicating with a network of the internet, intranet or extranet type.

By way of example, a three-phase process, which makes an object or an entity dynamically addressable anywhere in a given domain, will be described in detail below.

During phase 1, the object is run in a first system, for example the system S₁ (FIG. 5), and the following steps are performed:

allocation of an IP address to the object;

the directory of the domain, for example DNS₁ of D₁, that contains the system S₁ is updated;

the object can then establish connections with other objects.

During phase 2, the object is transferred into another system, for example the system S₂ (FIG. 5), and the following steps are performed:

the object closes its active connections;

the object releases its IP address;

the directory DNS₁ of D₁ is updated;

the object is transferred to the system S₂ using a file transfer protocol.

During phase 3, the object is run in the system S₂ and the following steps are performed:

allocation of a new IP address to the object;

update of the directory DNS₁ of D₁;

the object can again establish or accept connections.
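The three phases above can be followed step by step in a small model of two systems and one directory. This Python sketch is an added illustration, not code from the patent; the class names, the address prefixes, and the reading of the phase 2 directory update as a withdrawal of the record are assumptions, and the file transfer itself is not modelled.

```python
import ipaddress


class Directory:
    """Stand-in for the domain name directory DNS1 (name -> address)."""

    def __init__(self):
        self.records = {}

    def resolve(self, name):
        return self.records.get(name)


class Host:
    """A system (S1, S2) that hands out addresses from its virtual network."""

    def __init__(self, name, prefix):
        self.name = name
        self.net = ipaddress.ip_network(prefix)
        self.in_use = {}  # address -> entity name

    def allocate(self, entity, identifier):
        addr = self.net[identifier]  # prefix + identifier
        if addr in self.in_use:
            raise ValueError(f"{addr} already held by {self.in_use[addr]}")
        self.in_use[addr] = entity
        return addr


class Entity:
    def __init__(self, name):
        self.name, self.host, self.addr = name, None, None
        self.connections = set()

    def run(self, host, identifier, directory):
        """Phases 1 and 3: allocate an address, then publish it."""
        self.addr = host.allocate(self.name, identifier)
        self.host = host
        directory.records[self.name] = self.addr

    def connect(self, peer):
        if self.addr is None:
            raise RuntimeError("entity has no address; run() it first")
        self.connections.add(peer)

    def prepare_transfer(self, directory):
        """Phase 2: close connections, release the address, update the directory."""
        self.connections.clear()
        del self.host.in_use[self.addr]
        directory.records.pop(self.name, None)  # assumption: update = withdraw record
        self.host = self.addr = None


def migrate(entity, target, identifier, directory):
    """Run phase 2 then phase 3; return what the name resolves to during and after."""
    entity.prepare_transfer(directory)
    during = directory.resolve(entity.name)  # the file transfer would happen here
    entity.run(target, identifier, directory)
    return during, directory.resolve(entity.name)
```

Between phase 2 and phase 3 the name resolves to nothing in this model, which is the interval in which a client holding an earlier answer would still be pointing at the released address.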

Third, the process according to the invention, again in combination with the IPV6 protocol, also allows for the portability of an object or an entity. In fact, the IPV6 protocol offers the capability for this object to leave a domain, while remaining addressable as though it were still in the original domain.

Fourth, the process according to the invention allows software objects or entities to fully benefit from the security techniques defined at the internet level. These techniques are implemented using “firewalls” and the “IPSEC” protocol. They provide access control services (address filtering), authentication, integrity (signatures) and confidentiality (using encryption algorithms). In the prior art, the internet link does not connect the systems to one another. In other words, the link and the “IPSEC” protocol do not extend as far as the software applications, i.e., as far as the servers. It is therefore common to provide additional secure software layers, well known by the acronym “SSL” (or “Secure Socket Layers”) in the systems, which makes the links more complex, especially when each object or entity generally has its own specific security requirements.

The process according to the invention, through the concept of a new generation of “firewall” associated with each client and each server whose security must be ensured, simplifies the security of the systems, since the links extend all the way to the software objects or entities. In fact, according to one of its chief characteristics, these software objects have their own IP addresses and are therefore directly addressable. In addition to providing greater simplicity, the process also makes it possible to reduce the cost of the solutions. The equivalent security techniques implemented in the middleware in the prior art, illustrated for example by the above-mentioned “SSL” layer, become unnecessary.

Up to this point, each system has been considered to be autonomous. Advantageously, the process according to the invention can also be applied to systems in “clusters.” In essence, the main purpose of such an architecture is to appear, seen from the outside, to be a single system or machine. The process according to the invention makes it possible to achieve this objective.

FIG. 6 illustrates an architecture of this type. The clustered machines M₁ through M_(X), x being the maximum number of machines, are interconnected through a local area network SR_(C). There is network equipment in this local area network: the node N provided with an IP address, IP_(N) in the network SR_(X). Each machine, together with the servers it is hosting at a given instant, constitutes a virtual network SVN_(M1) through SVN_(Mx), these networks being connected according to the process of the invention to the network SR_(X), to the local area network SR_(C) by each system, and to the network SR_(X) via the node N.

The standard IP mechanism organizes the routing of a packet addressing an object of a system virtual network to the node of the cluster that contains it, for example the server SV_(C) in the system virtual network SVN_(M1) in the machine M₁. For a remote client outside the cluster, the object addressed can be run in any node of the cluster, in a way that is transparent for this client. In effect, there is no longer any need to address a particular machine among the x machines. It is only necessary to address the desired object or entity, for example SV_(C).

This mode of operation allows high availability. If an object or a software entity of a system virtual network becomes unavailable due to a hardware or software failure of the system that is hosting it, the object can be restarted in another node and the standard address resolution mechanisms will allow it to be reconfigured dynamically. To do this, it is simply necessary to implement the process according to the invention, in combination with the IPV6 protocol.

In another operating mode, the object or entity can be duplicated in two or more of the machines constituting the cluster. This redundancy can be provided for the same reasons as above (failure or malfunction) or in order to ensure availability, through rerouting, despite an overload of one or more machines (parallel operation).

With the reading of the above, it is easy to see that the invention clearly achieves the objects set forth.

The advantages offered by the invention are numerous. Without redescribing them in detail, it is possible to summarize them as follows:

streamlining of the addressing, the name services and the associated protocols, for the network objects or entities as well as for the objects or entities of the systems (software or applications);

independence of the servers from the systems (machines);

dynamic configuration, which makes it possible to move toward “zero administration”;

portability of the software objects or entities;

network security services applied to the software objects or entities;

reduction of the costs of the solutions by reusing network services existing through middleware and applications;

and compatibility with current internet type architectures, as well as the utilization of standards.

It should be clear, however, that the invention is not limited to just the exemplary embodiments explicitly described, specifically in relation to FIGS. 2 through 5.

While this invention has been described in conjunction with specific embodiments thereof, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, the preferred embodiments of the invention as set forth herein, are intended to be illustrative, not limiting. Various changes may be made without departing from the spirit and scope of the invention as set forth herein and defined in the claims.

What is claimed is:
 1. A process for communication in a set of distributed systems via at least one internet type network, said set being divided into at least one domain comprising systems addressable via said network by means of a first series of internet type addresses stored in a domain name directory and each system being connected to said network via a standard interface module and having standard software layers comprising a stack of addresses of the first series and internet type communication protocols, and each system hosting at least one software entity, the process comprising: providing said software entities and said systems with an internet type address of a second series; configuring each system into at least one system virtual network to which the system itself and said software entities are connected via specific interface modules and specific software layers comprising a stack of addresses of the second series and internet type communication protocols; and storing said addresses and names of the systems and the software entities connected to said system virtual networks in said domain directory, such that any of said software entities hosted in any of said systems may be directly addressed from anywhere in said set of distributed systems using the internet type address of the second series or the names of the software entities.
 2. A process according to claim 1, characterized in that the process comprises allocating an address comprising a prefix and an identifier to each of said software entities for updating said domain name directory to record the names and addresses of these software entities, and releasing addresses so as to release an address previously allocated to a given software entity.
 3. A process according to claim 2, characterized in that said addresses are established in conformity with an internet protocol.
 4. A process according to claim 3, characterized in that said address allocation is dynamic and in that the dynamic address allocation comprises at least the following phases and steps: a phase for running said software entity in a first system, comprising steps for allocating an address in conformity with the internet protocol, updating said domain name directory and establishing and/or accepting connections via said internet type network; a phase for transferring said software entity from said first system into a second system, comprising steps for closing active connections, releasing the internet type address of the software entity, and updating said domain name directory; and a phase for running said software entity in said second system, comprising steps for allocating a new address in conformity with the IPV6 internet protocol, updating said domain name directory, and establishing and/or accepting new connections via said internet type network.
 5. A process according to claim 4, characterized in that communications between said software entities take place in a client-server mode.
 6. A process according to claim 5, characterized in that said software entities are client objects or server objects.
 7. A process according to claim 4, characterized in that, at least one of said systems is constituted by a cluster of at least two machines, connected to said network at a common node and each machine forming one of said system virtual networks, said node is associated with an internet type address of said first series, making it possible to address a software entity hosted by any one of said machines by means of an internet type address of said second series.
 8. A process according to claim 7, characterized in that at least one of said software entities is duplicated in at least two of the machines of said cluster.
 9. A process according to claim 7, characterized in that said software entities are connected by means of an internet link via said internet type network, in order to protect this link from end to end and firewalls are associated with said software entities.
 10. A communication system in a set of distributed systems via at least one internet type network, said set being divided into at least one domain comprising systems addressable via said network by a first series of internet type addresses stored in a domain name directory and each system being connected to said network via an interface module and having software layers comprising a stack of addresses of the first series and internet type communication protocols, and each system hosting at least one software entity, the communication system being characterized in that said software entities and said systems are each provided with an internet type address of a second series, each system being configured into at least one system virtual network to which the system itself and said software entities are connected via specific interface modules and specific software layers comprising a stack of addresses of the second series and internet type communication protocols, and means for storing said addresses and names of the systems and the software entities connected to said system virtual networks in said domain name directory, such that any of said software entities hosted in any of said systems may be directly addressed from anywhere in said set of distributed systems using the internet type address of the second series or the names of the software entities.
 11. A communication system according to claim 10, comprising means for allocating an address comprising a prefix and an identifier to each of said software entities for updating said domain name directory to record the names and addresses of these software entities, and releasing addresses so as to release an address previously allocated to a given software entity.
 12. A communication system according to claim 11, characterized in that said addresses are established in conformity with an internet protocol.
 13. A communication system according to claim 12, characterized in that said address allocation is dynamic and in that the dynamic address allocation comprises at least the following phases and steps: a phase for running said software entity in a first system, comprising steps for allocating an address in conformity with the internet protocol, updating said domain name directory, and establishing and/or accepting connections via said internet type network; a phase for transferring said software entity from said first system into a second system, comprising steps for closing active connections, releasing the internet type address of the software entity, and updating said domain name directory; and a phase for running said software entity in said second system, comprising steps for allocating a new address in conformity with the IPV6 internet protocol, updating said domain name directory, and establishing and/or accepting new connections via said internet type network.
 14. A communication system according to claim 13, characterized in that said communications between said software entities take place in a client-server mode.
 15. A communication system according to claim 13, characterized in that said software entities are client objects or server objects.
 16. A communication system according to claim 13, characterized in that at least one of said systems is constituted by a cluster of at least two machines, connected to said network at a common node and each machine forming one of said system virtual networks, said node being associated with an internet type address of said first series, such that a software entity hosted by any one of said machines by means of an internet type address of said second series may be addressed.
 17. A communication system according to claim 16, characterized in that at least one of said software entities is duplicated in at least two of the machines of said cluster.
 18. A communication system according to claim 16, further including firewalls associated with a pair of said software entities and means connected by an internet link via said internet type network, in order to protect said link from end to end.